two cool things in lemoncurry 1.8

i decided to bump the minor version because there are two fairly big improvements in lemoncurry 1.8!

first up, lemoncurry does pagination!! 📄

every entry feed page now automatically paginates, ten entries to a page,
which is good because i’ve now written thirteen entries here. which
actually is.......... not a lot, i guess? but it’d have gotten real slow
eventually if it kept on having to load every single entry all the time 😉

all the paginated feeds use rel="next" and rel="prev" appropriately, so
it’s still very easy for programs to navigate. this is very good for indieweb
feed readers, like woodwind, as well as for
sufficiently advanced screen readers?

the other exciting thing is improved micropub support! there are two major
improvements that make lemoncurry more compliant with the micropub spec and
therefore more compatible with a variety of micropub clients

my previous implementation only supported formencoded requests, which is the
default format that all micropub servers are required to handle. however,
micropub also defines a json request format, which happens to be more
powerful in various ways, so now i support that too!

to authorise any micropub request, you have to provide a token - i supported
one way of doing this, which is setting the Authorization http header, but
the spec also allows the token to be passed as a query or form parameter, so
now i support that too ✨

yay!!

but what’s next? well, the infrastructure changes i made while implementing
those two improvements will make it way easier to implement the other aspects
of micropub i haven’t yet, too:

you’re supposed to verify the oauth scopes attached to the client’s micropub
token? that’s stuff like “yes, this particular token has been granted
permission to create new entries”. you’ve probably seen the little prompts
while oauthing with sites before, when you give your third-party twitter
clients permission to post tweets and stuff like that. my previous token auth
code made scope verification pretty annoying to do, but it should be as
simple as a cute little check like this now?

if 'create' not in token:
return deny("you can't create new entries!!")

the micropub spec allows you to update existing entries as well as make new
ones! however, it only allows updates to be provided in the json request
format, not the formencoded request format. so of course that wasn’t possible
when i only supported formencoded requests, but it should be easy enough to
do now 🐱 yay!

the auth logic was pretty much hardcoded into the POST /micropub view
handler before, which is bad because you actually need to use it in a few
other places too - i had duplicate auth logic in GET /auth/token, since its
whole job is verifying that the token is valid and will be accepted by POST
/micropub? there’s also additional endpoints, like GET /micropub, that i
haven’t implemented yet but that will need to reuse the same logic too